THE long-dreaded zero-day exploit is coming soon and resellers need to act now to ensure their customers are protected.
This is the latest warning from Microsoft, who says a zero-day exploit, where a software vulnerability is attacked on the same day it is discovered, will cause considerable chaos for organisations without effective security measures already in place.
Resellers are critical in ensuring companies are protected when such an exploit is unleashed, says Brett Roberts, Microsoft New Zealand’s chief technology officer and security spokesperson.
Hackers are becoming faster at exploiting software vulnerabilities, says Roberts.
In 2001 it took 331 days for the Nimda worm to be released after a fix for the underlying vulnerability was released.
But in August 2003, Blaster arrived 25 days after the vulnerability was found, while last May’s Sasser struck within only 14 days.
“You only have to plot those on a timeline and realise that the zero-day exploit is inevitable,” says Roberts. While he says it would be dangerous for him to predict when this will happen, he believes it can be expected any day. This threat creates an ideal opportunity for resellers to be proactive with their clients over security, he says.
“Because it is a topic customers are really interested in partners get to have different conversations with different people in the organisation. It is a great opportunity for them to reposition themselves with their customers,” he says.
As hackers now reengineer patches to work out what they are fixing and how they can exploit the original vulnerability, Roberts says patching is no longer the primary line of defence.
“It is about risk mitigation. Customers need in-depth and multiple lines of defence. It is not just about the technology — it is about the people and the policy that is wrapped around it,” he says.
Partners need to talk to customers about building resilience into their critical IT infrastructure to ensure malicious software is kept out and disaster recovery plans are in place, says Roberts, adding some partners are building great businesses and relationships with customers based on this.